A few days ago, we have published a guide that described how to setup centralized Rsyslog server on CentOS system. Today, in this guide, we are going to see how to manage log files using Logrotate on Linux. This utility simplifies the administration of log files, especially useful for systems that produces large volume of log files everyday. As its name implies, LogRotate rotates the logs entirely out of your system at regular interval time. It also allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.
Manage Log Files Using Logrotate
Install Logrotate
Logrotate s available in the default repositories of most Linux distributions.
On Arch Linux, and its derivatives, you need to run the following command to install it.
$ sudo pacman -S logrotate
On RPM based systems, such as RHEL, CentOS, Scientific Linux, you can install it using command:
$ sudo yum install logrotate
On Debian, Ubuntu:
$ sudo apt-get install logrotate
On SUSE, openSUSE:
$ sudo znf install logrotate
Configure Logrotate
The main configuration file of LogRotate is /etc/logrotate.conf.
Here is the default contents of this file in my Arch system. This file output might look bit different on other Linux distributions.
$ cat /etc/logrotate.conf
Sample output:
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# restrict maximum size of log files
#size 20M
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# Logs are moved into directory for rotation
# olddir /var/log/archive
# Ignore pacman saved files
tabooext + .pacorig .pacnew .pacsave
# Arch packages drop log rotation information into this directory
include /etc/logrotate.d
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}Let us see what each option does in the above configuration file.
- weekly - It rotates the logs every week.
- rotate 4 - By default, LogRotate keeps the four weeks (one month, obviously) worth of log files. Since, it rotates all log files after a particular period of time, you might need to keep a backup of important log files if you don’t want to lose them.
- size 20M - Rotates the log files if they reached the size of 20MB. By default, this option is disabled. To enable it, just uncomment it.
- create - Creates new log files once the after rotating the old log files. This option is enabled by default.
- compress - Compresses the log files. Also, it doesn’t compress logs by default. If you want to compress the logs, uncomment this line.
- /etc/logrotate.d/ - This directory contains application-specific log rules files.
- missing ok - If the log file is missing, Logrotate will go on to the next one without issuing an error message.
Logrotate segments the log files, and compresses the logs based on the rules that are specified under /etc/logrotate.d/ directory.
Let us take a look at this directory contents.
$ ls /etc/logrotate.d/
Sample output would be:
lirc samba
As you see in the above output, it contains various rules files for all logs managed by LogRotate. To view a specific application log rule, for example samba, run:
$ cat /etc/logrotate.d/samba
Sample output:
/var/log/samba/log.smbd /var/log/samba/log.nmbd /var/log/samba/*.log {
notifempty
missingok
sharedscripts
copytruncate
postrotate
/bin/kill -HUP `cat /var/run/samba/*.pid 2>/dev/null` 2>/dev/null || true
endscript
}Here,
- notifempty - Indicates the log files will not be rotated if it is empty.
- copytruncate - Truncate the original log file in place after creating a copy.
- postrotate/endscript - The lines between postrotate and endscript are executed after the log file is rotated.
- sharedscript - The scripts are only run once, no matter how many logs match the wildcarded pattern.
You can also create your own log rules files in /etc/logrotate.d/ directory and define your own rules.
Cron runs the logroate utility daily in search of log files to rotate. You can specify automatic log rotation rules in /etc/cron.daily/logrotate file to avoid manual user intervention. It will perform the log rotation every single day at a specific time.
To verify whether the logs files are rotating or not, run:
$ cat /var/lib/logrotate.status
Sample output:
logrotate state -- version 2 "/var/log/samba/log.smbd" 2016-5-12-11:0:0 "/var/log/lircd" 2016-6-15-10:0:0 "/var/log/httpd/*log" 2016-5-12-11:0:0 "/var/log/wtmp" 2016-5-6-10:0:0 "/var/log/samba/*.log" 2016-5-12-11:0:0 "/var/log/btmp" 2017-4-1-11:36:53 "/var/log/samba/log.nmbd" 2016-5-12-11:0:0
For more details, run the logrotate by entering the following command:
$ logrotate --help
Or,
$ man logrotate
That's all for now folks. Logrotate is simple, yet useful log rotation tool that simplifies the log management. You don't need to struggle with complex configuration and installation steps. Everything is self-explanatory. If you're managing a system that produces large number of log files, you can rotate them periodically using Logrotate.
Cheers!
Resources:
Thanks for stopping by!
Help us to help you:
- Subscribe to our Email Newsletter : Sign Up Now
- Support OSTechNix : Donate Via PayPal
- Download free E-Books and Videos : OSTechNix on TradePub
- Connect with us: Facebook | Twitter | Google Plus | LinkedIn | RSS feeds
Have a Good day!!
